←back to thread

43 points dschofie | 1 comments | | HN request time: 0.519s | source
Show context
purpleidea ◴[] No.40217271[source]
If this doesn't also _add_ some "accidental" backdoor, I'd be surprised.

Microsoft's security reputation is so flawed, that some parts simply must be intentional, or coerced.

Don't use this repo. Very interesting TIL about golang at Microsoft. Thanks for sharing.

replies(3): >>40217309 #>>40217335 #>>40217441 #
1. bitwize ◴[] No.40217441[source]
Jonathan Blow ranted about the susceptibility of open source to supply chain attacks from state actors, which discussion recently became germane again in light of the xz backdoor.

What he didn't discuss was how vulnerable proprietary vendors (including, but by no means limited to, Microsoft) are to "rubber-hose vulnerability injection".

Anyway, it's good to see Microsoft actually participating in the open source process.